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Single- packet IP traceback 

Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, 
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The design of the IP protocol makes it difficult to reliably identify the originator of an IP - 
packet. Even in the absence of any deliberate attempt to disguise a packet's origin, 
widespread packet forwarding techniques such as NAT and encapsulation may obscure the 
packet's true source. Techniques have been developed to determine the source of large 
packet flows, but, to date, no system has been presented to track individual packets in an 
efficient, scalable fashion. We present a hash-based techn ... 

Keywords: IP traceback, computer network management, computer network security, 
denial of service (DoS), network fault diagnosis, wide-area networks (WANs) 



Online tracking of mobile users 
Baruch Awerbuch, David Peleg 

September 1995 Journal of the ACM (JACM), Volume 42 issue 5 
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terms , review 

This paper deals with the problem of maintaining a distributed directory server, that 
enables us to keep track of mobile users in a distributed network. The paper introduces 
the graph-theoretic concept of regional matching, and demonstrates how finding a 
regional matching with certain parameters enables efficient tracking. The communication 
overhead of our tracking mechanism is within a polylogarithmic factor of the lower bound. 



Keywords: bounded packet header, bounded protocol, ideal transmission cost, 
lookahead, non-FIFO channels, receiver-driven protocol, recoverable protocol, recovery 
cost, sequence transmission problem 
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2001 conference on Applications, technologies, architectures, and 
protocols for computer communications SIGCOMM *01, volume 3i issue 4 
Publisher: ACM Press 
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The design of the IP protocol makes it difficult to reliably identify the originator of an IP . 
packet. Even in the absence of any deliberate attempt to disguise a packet's origin, wide- 
spread packet forwarding techniques such as NAT and encapsulation may obscure the 
-packet's true source. Techniques have been developed to determine the source of large 
packet flows, but, to date, no system has been presented to track individual packets in an 
efficient, scalable fashion. We present a hash-based techn ... 

^ Fast detection of communication patterns in distributed executions HH 
Thomas Kunz, Michiel F. H. Seuren 

November 1997 Proceedings of the 1997 conference of the Centre for Advanced 
Studies on Collaborative research 

Publisher: IBM Press 

Full text available: ^ pdf(4.21 MB) Additional Information: full citation , abstract , references , index terms 

Understanding distributed applications is a tedious and difficult task. Visualizations based 
on process-time diagrams are often used to obtain a better understanding of the 
execution of the application. The visualization tool we use is Poet, an event tracer 
developed at the University of Waterloo. However, these diagrams are often very complex 
and do not provide the user with the desired overview of the application. In our 
experience, such tools display repeated occurrences of non-trivial commun ... 

5 Measuring the effects of internet path faults on reactive routin g Q 
Nick Feamster, David G. Andersen, Hari Balakrishnan, M. Frans Kaashoek 
June 2003 ACM SIGMETRICS Performance Evaluation Review , Proceedings of the 
2003 ACM SIGMETRICS international conference on Measurement and 
modeling of computer systems SIGMETRICS '03, volume 3i issue i 
Publisher: ACM Press 
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Empirical evidence suggests that reactive routing systems improve resilience to Internet 
path failures. They detect and route around faulty paths based on measurements of path 
performance. This paper seeks to understand why and under what circumstances these 
techniques are effective. To do so, this paper correlates end-to-end active probing 
experiments, loss-triggered traceroutes of Internet paths, and BGP routing messages. 
These correlations shed light on three questions about Inte ... 

Dynamic path-based software watermarking Q 
C. Collberg, E. Carter, S. Debray, A. Huntwork, J. Kececioglu, C. Linn, M. Stepp 
June 2004 ACM SIGPLAN Notices , Proceedings of the ACM SIGPLAN 2004 conference 
on Programming language design and implementation PLDI '04, Volume 39 
Issue 6 
Publisher: ACM Press 

Full text available: ^ pdf(282.11 KB ) Additional Information: full citation , abstract , references , index terms 

Software watermarking is a tool used to combat software piracy by embedding identifying 
information into a program. Most existing proposals for software watermarking have the 
shortcoming that the mark can be destroyed via fairly straightforward semantics- 
preserving code transformations. This paper introduces path-based watermarking, a new 
approach to software watermarking based on the dynamic branching behavior of 
programs. The advantage of this technique is that error-correcting and tamper-proo ... 

Keywords: software piracy, software protection, watermarking 
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This paper describes a technique for tracing anonynnous packet flooding attacks in the 
Internet back toward their source. This work is motivated by the increased frequency and 
sophistication of denial-of-service attacks and by the difficulty in tracing packets with 
incorrect, or ''spoofed," source addresses. In this paper, we describe a general purpose 
traceback mechanism based on probabilistic packet marking in the network. Our approach 
allows a victim to identify the network pat ... 

Keywords: computer network management, computer network security, network 
servers, stochastic approximation, wide-area networks 



Measurement: A high-level pro gramming environment for packet trace anonymization 
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Ruoming Pang, Vern Paxson 

August 2003 Proceedings of the 2003 conference on Applications, teclinologies, 
architectures, and protocols for computer communications 
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Packet traces of operational Internet traffic are invaluable to network research, but public 
sharing of such traces is severely limited by the need to first remove all sensitive 
information. Current trace anonymization technology leaves only the packet headers 
intact, completely stripping the contents; to our knowledge, there are no publicly 
available traces of any significant size that contain packet payloads. We describe a new 
approach to transform and anonymize packet traces. Our tool provide ... . 

Keywords: anonymization, internet, measurement, network Intrusion detection, packet 
trace, privacy, transformation 
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processing in sensor networlcs IPSN '06 
Publisher: ACM Press 

Full text available: ^ pdf(307.50 KB) Additional Information: full citation , abstract , references , index terms 

Network-based attacks can be either persistent or sporadic. Persistent attack flows can be 
relatively easy to trace by mechanisms such as probabilistic packet marking, traffic 
logging, data mining etc. Sporadic attacks are sometimes easily detected by the Intrusion 
Detection Systems (IDSs) at the victims, but are hard to trace back to the attack origins. 
We propose CAPTRA, a CoordinAted Packet TRAceback mechanism, for wireless sensor 
networks (WSNs) that takes advantage of the broadcasting natur ... 

Keywords: bloom filter, packet traceback, wireless sensor networks 
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Physical layer wireless network emulation has the potential to be a powerful experimental 
tool. An important challenge in physical emulation, and traditional simulation, is to 
accurately model the wireless channel. In this paper we examine the possibility of using 
on-card signal strength measurements to capture wireless channel traces. A key 
advantage of this approach is the simplicity and ubiquity with which these measurements 
can be obtained since virtually all wireless devices provide the req ... 
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This paper describes a technique for tracing anonymous packet flooding attacks in the 
Internet back towards their source. This work is motivated by the increased frequency 
and sophistication of denial-of-service attacks and by the difficulty in tracing packets with 
incorrect, or ' 'spoofed", source addresses. In this paper we describe a general purpose 
traceback mechanism based on probabilistic packet marking in the network. Our approach 
allows a victim to Identify the network path(.s) trave ... 
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Today distributed denial of service (DDoS) attacks are causing major problems to conduct 
online business over the Internet. Recently several schemes have been proposed on how 
to prevent some of these attacks, but they suffer from a range of problems, some of them 
being impractical and others not being effective against these attacks. In this paper, we 
propose a Controller-Agent model that would greatly minimize DDoS attacks on Internet. 
With a new packet marking technique and agent design our sc ... 

Keywords: DoS, broad attack signatures, controller-agent model, denial of service, 
packet marking 



13 The impact of BGP dynamics on intra-domain traffic 
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June 2004 ACM SIGMETRICS Performance Evaluation Review , Proceedings of the 

joint international conference on Measurement and modeling of computer 
systems SIGMETRICS 2004/PERFORMANCE 2004, Volume 32 Issue 1 
Publisher: ACM Press 
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Recent work in network traffic matrix estimation has focused on generating router-to- 
router or PoP-to-PoP (Point-of-Presence) traffic matrices within an ISP backbone from ' 
network link load data. However, these estimation techniques have not considered the 
impact of inter-domain routing changes in BGP (Border Gateway Protocol). BGP routing ' 
changes have the potential to introduce significant errors in estimated traffic matrices by 
causing traffic shifts between egress routers or PoPs within a sing ... 
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Detection: On scalable attack detection in the network 
Ramana Rao Kompella, Sumeet Singh, George Varghese 

October 2004 Proceedings of the 4th ACi^ SIGCOMM conference on Internet 

measurement 
Publisher: ACM Press 

Full text available: ^ pdf(405.42 KB) Additional Information: full citation , abstract , references , index terms 

Current intrusion detection and prevention systems seek to detect a wide class of network 
intrusions (e.g., DoS attacks, worms, port scans)at network vantage points. 
Unfortunately, all the IDS systems we know of keep per-connection or per-flow state. 
Thus it is hardly surprising that IDS systems (other than signature detection mechanisms) 
have not scaled to multi-gigabit speeds. By contrast, note that both router lookups and . 
fair queuing have scaled to high speeds using <i>aggregation< ... 

^Keywords: denial of service, scalability, security 
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Marcos K. Aguilera, Jeffrey C. Mogul, Janet L. Wiener, Patrick Reynolds, Athicha 
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October 2003 Proceedings of the nineteenth ACM symposium on Operating systems 
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Publisher: ACM Press 
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Many interesting large-scale systems are distributed systems of multiple communicating 
components. Such systems can be very hard to debug, especially when they exhibit poor 
performance. The problem becomes much harder when systems are composed of "black- 
box" components: software from many different (perhaps competing) vendors, usually 
without source code available. Typical solutions-provider employees are not always skilled 
or experienced enough to debug these systems efficiently. Our goal is to ... 

Keywords: black box systems, distributed systems, performance analysis, performance 
debugging 
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Branch misprediction penalties continue to increase as microprocessor cores become 
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wider and deeper. Thus, improving branch prediction accuracy remains an important 
challenge. Simultaneous Subordinate Microth reading (SSMT) provides a means to improve 
branch prediction accuracy. SSMT machines run multiple, concurrent microthreads In 
support of the primary thread. We propose to dynamically construct microthreads that 
can speculatively and accurately pre-compute branch outcomes along frequently mis ... 

Keywords: high performance microprocessor, branch prediction, SSMT, SMT, helper 
thread, microarchitecture, microthread 
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This paper describes an environment for visualizing packet traces that greatly sinnpllfies 
. troubleshooting protocol Implementations. Network management centers routinely collect 
packet traces to tally traffic statistics and to troubleshoot protocol configuration and 
implementation problems. Previous efforts have focused on the reliable collection of 
traces and their statistical interpretation. Display of packet traces was restricted to a 
textual representation of the raw headers. Our prototy ... 
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Routing loops are. caused by inconsistencies in the routing state of the network. Although 
undesirable from this aspect, they can provide insight into the routing dynamics that 
caused them. In this work we present a methodology that utilizes a priori knowledge of 
loops to study the correlation between routing loops and routing events that could have 
caused them. We apply our technique to associate route changes with packet loops 
detected in actual traffic traces collected from the Sprint Backbone ... 

Keywords: IP networks, measurement, routing 
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To date, realistic ISP topologies have not been accessible to the research community, 
leaving work that depends on topology on an uncertain footing. In this paper, we present 
new Internet mapping techniques that have enabled us to measure router-level ISP 
topologies. Our techniques reduce the number of required traces compared to a brute- 
force, all-to-all approach by three orders of magnitude without a significant loss in 
accuracy. They include the use of BGP routing tables to focus the measurem ... 

Keywords: communication system operations and management, internet, measurement, 
network reliability 
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